CWE

Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE Individual Dictionary Definition (2.10)

CWE-663: Use of a Non-reentrant Function in a Concurrent Context

Weakness ID: 663
Abstraction: Base
Status: Draft
+ Description

Description Summary

The software calls a non-reentrant function in a concurrent context in which a competing code sequence (e.g. thread or signal handler) may have an opportunity to call the same function or otherwise influence its state.
+ Time of Introduction
  • Architecture and Design
  • Implementation
+ Common Consequences
Scope: Integrity; Confidentiality; Other

Effect: Technical Impact: Modify application data; Read application data; Alter execution logic

+ Observed Examples
  • unsafe calls to library functions from signal handler
  • handler for SIGCHLD uses non-reentrant functions
+ Potential Mitigations

Phase: Implementation

Use reentrant functions if available.

Phase: Implementation

Add synchronization to your non-reentrant function.

Phase: Implementation

In Java, use the ReentrantLock Class.
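
The weakness from the Description and the first mitigation ("Use reentrant functions if available"), shown side by side as an added C example that is not part of the CWE entry. It uses strtok() and strtok_r() as the non-reentrant/reentrant pair; the record strings and function names are constructed for illustration, and the competing thread or signal handler is simulated by an inline call so the interleaving is deterministic.

```c
#define _POSIX_C_SOURCE 200809L   /* for strtok_r() */
#include <stdio.h>
#include <string.h>

/* Constructed sample records in "name,role" form. */
#define VICTIM_RECORD    "alice,user"
#define COMPETING_RECORD "bob,admin"

/* Stand-in for the competing code sequence (second thread or signal
 * handler). Called inline here so the interleaving is deterministic. */
static void competing_strtok(void) {
    static char other[32];         /* static: strtok() keeps pointing into it */
    snprintf(other, sizeof other, "%s", COMPETING_RECORD);
    strtok(other, ",");            /* replaces strtok()'s hidden static cursor */
}

static void competing_strtok_r(void) {
    char other[32], *save;
    snprintf(other, sizeof other, "%s", COMPETING_RECORD);
    strtok_r(other, ",", &save);   /* cursor is a local: nothing is shared */
}

/* Non-reentrant: returns 1 if the role field of `record` parses as "admin". */
int is_admin_strtok(const char *record) {
    char buf[32];
    snprintf(buf, sizeof buf, "%s", record);
    strtok(buf, ",");                      /* consume the name field */
    competing_strtok();                    /* competing sequence runs here */
    const char *role = strtok(NULL, ",");  /* resumes in the OTHER buffer */
    return role != NULL && strcmp(role, "admin") == 0;
}

/* Reentrant: same logic with strtok_r() and a caller-owned cursor. */
int is_admin_strtok_r(const char *record) {
    char buf[32], *save;
    snprintf(buf, sizeof buf, "%s", record);
    strtok_r(buf, ",", &save);
    competing_strtok_r();
    const char *role = strtok_r(NULL, ",", &save);
    return role != NULL && strcmp(role, "admin") == 0;
}

int main(void) {
    printf("strtok:   alice is admin? %d\n", is_admin_strtok(VICTIM_RECORD));
    printf("strtok_r: alice is admin? %d\n", is_admin_strtok_r(VICTIM_RECORD));
    return 0;
}
```

With strtok() the second field is read from the competing sequence's record, which is the "Alter execution logic" impact listed under Common Consequences; with strtok_r() each caller's cursor is private and the result is unaffected.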

+ Relationships
Nature | Type | ID | Name | View(s) this relationship pertains to
ChildOf | Category | 361 | Time and State | Development Concepts (primary) 699
ChildOf | Weakness Base | 662 | Improper Synchronization | Research Concepts (primary) 1000
ChildOf | Category | 986 | SFP Secondary Cluster: Missing Lock | Software Fault Pattern (SFP) Clusters (primary) 888
ParentOf | Weakness Variant | 479 | Signal Handler Use of a Non-reentrant Function | Development Concepts 699; Research Concepts 1000
ParentOf | Weakness Variant | 558 | Use of getlogin() in Multithreaded Application | Research Concepts (primary) 1000
+ References
Dipak Jha, Software Engineer, IBM. "Use reentrant functions for safer signal handling". <http://www.ibm.com/developerworks/linux/library/l-reent.html>.
+ Content History
Modifications
Modification Date | Modifier | Organization | Source
2008-07-01 | Eric Dalci | Cigital | External
  updated References, Potential_Mitigations, Time_of_Introduction
2008-09-08 | CWE Content Team | MITRE | Internal
  updated Relationships, References
2009-03-10 | CWE Content Team | MITRE | Internal
  updated Related_Attack_Patterns
2010-09-27 | CWE Content Team | MITRE | Internal
  updated Name, Observed_Examples, Potential_Mitigations, References, Relationships
2010-12-13 | CWE Content Team | MITRE | Internal
  updated Description, Name, Relationships
2011-06-01 | CWE Content Team | MITRE | Internal
  updated Common_Consequences
2012-05-11 | CWE Content Team | MITRE | Internal
  updated Relationships
2014-07-30 | CWE Content Team | MITRE | Internal
  updated Relationships

Previous Entry Names
Change Date | Previous Entry Name
2010-09-27 | Use of a Non-reentrant Function in an Unsynchronized Context
2010-12-13 | Use of a Non-reentrant Function in a Multithreaded Context

Page Last Updated: January 18, 2017